The sphere of banking services has expanded significantly in recent times. A bank customer (alternatively referred to as a “user”) is afforded new ways of interacting with the bank and methods of payment and transfer of funds. A multitude of payment systems, plastic cards, and banking services, such as remote banking services, allow the user to carry out a variety of transactions by using computing devices. Online banking and mobile banking are making it possible to conduct monetary operations without the involvement of a plastic card or bank account details.
Moreover, various mechanisms exist for protecting a user's funds against access by third parties. When a user is working with online banking, a method such as double authentication is frequently used. After the authentication data (such as a login and password, which may have become accessible to third parties) is entered in the browser on the bank site, the bank sends a message to the user's mobile telephone containing, for example, an additional verification code, which has to be entered in a special field.
However, it should be noted that criminals carry out many attacks that exploit weaknesses in a user's interaction with banking services in order to gain access to the user's funds. Such attacks are often known as fraud activity. For example, with the use of phishing sites it is possible to obtain the login and password of a user for access to the user's online banking account and services. Malicious software for mobile devices allows criminals to gain access to the verification codes from the bank and so to carry out confirmed transactions using the compromised bank account, unbeknownst to the user.
Current solutions use a “user device print” to protect users against fraud activity. In general, the user consistently uses the same devices to access bank services, and each device contains a particular set of software and features which are known to the bank. In the event that the set of software changes on the device, or the device itself is changed, there is a high probability that fraud activity is being committed. When fraud activity is committed on a device, the device is considered to be dangerous by the bank.
Thus, some solutions provide a system and a method for the authentication of user transactions. The authentication makes use of “prints” of devices, as well as vectors of various combinations of parameters (characteristics of the device, geolocation, information about the transaction itself).
However, sometimes the user may use the very same devices with different sets of programs, different firmware and different browsers to access online banking services. The known systems and methods of comparing the prints of devices identify whether a user has used a device before. If so, and if the device is a trusted device, then the procedure of interacting with the bank is simplified. For example, when using the bank application the user does not need to enter a login and password each time and then wait for an SMS; it is enough to log in using the PIN code of the application set for the given user. However, in the event of the aforementioned changes in the sets of programs and firmware, the device may be identified by the security systems of the banks as a new device which the user has not previously used to interact with the banking services. In this case, it becomes necessary to identify and authorize the very same device again, which makes its use inconvenient. Such determinations of a device as being new for the user are also known as false alarms of the security systems.
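The false alarm described above can be reproduced with a short added example, which is not part of the original text and is not the method of the disclosure. The attribute names, the sample devices, and the split into hardware and software attributes are assumptions made for illustration.

```python
import hashlib
import json

# Constructed sample attribute sets; field names are hypothetical.
ENROLLED = {"model": "Phone-X", "screen": "1080x2340", "cpu_cores": 8,
            "firmware": "12.0.1", "browser": "BrowserA/101",
            "apps": ["bank", "mail"]}
# Same physical device after a firmware update, a browser change, a new app.
AFTER_UPDATE = dict(ENROLLED, firmware="13.0.0", browser="BrowserB/7",
                    apps=["bank", "mail", "maps"])
# A genuinely different device.
OTHER_DEVICE = {"model": "Tablet-Y", "screen": "1600x2560", "cpu_cores": 4,
                "firmware": "9.1", "browser": "BrowserA/101", "apps": ["bank"]}

HARDWARE_KEYS = ("model", "screen", "cpu_cores")  # assumed stable attributes


def device_print(attrs, keys=None):
    """Hash the selected attributes (all of them by default) into one print."""
    selected = {k: attrs[k] for k in (keys or sorted(attrs))}
    blob = json.dumps(selected, sort_keys=True).encode()
    return hashlib.sha256(blob).hexdigest()


def classify_exact(known_prints, attrs):
    """Single-print comparison: any attribute change yields 'new'."""
    return "known" if device_print(attrs) in known_prints else "new"


def changed_fields(old, new):
    """List the attributes that differ between two observations."""
    return sorted(k for k in old.keys() | new.keys() if old.get(k) != new.get(k))


def classify_split(enrolled, attrs):
    """Assumed refinement: compare hardware attributes separately, so a
    software-only change is reported as such instead of as a new device."""
    if device_print(attrs, HARDWARE_KEYS) != device_print(enrolled, HARDWARE_KEYS):
        return "new"
    if changed_fields(enrolled, attrs):
        return "known-hardware-software-changed"
    return "known"


if __name__ == "__main__":
    known = {device_print(ENROLLED)}
    print("exact match :", classify_exact(known, AFTER_UPDATE))  # false alarm
    print("changed     :", changed_fields(ENROLLED, AFTER_UPDATE))
    print("split match :", classify_split(ENROLLED, AFTER_UPDATE))
    print("other device:", classify_split(ENROLLED, OTHER_DEVICE))
```

The middle classification still signals that the software set changed, which the text above notes can also accompany fraud activity, so it is a distinct state rather than an automatic pass.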
The present disclosure effectively solves the problem of identifying new devices during a user's interaction with banking services.